Application Serial No. 10/002,694 PATENT 
IN THR CL AIMS; 

A status of all the claims of the present Application is presented below: 

1. (Original) A method of presenting data related to an intrusion event on a 
computer system, comprising: 

capturing data related to the intrusion event; 

decoding the captured data from a predetermined format to a predetermined format 
decipherable by humans, the decoded data in turn comprises intrusion event data, data summary, 
and detailed data; and 

presenting the decoded data to a user in an organized manner. 

2. (Original) The method, as set forth in claim 1, wherein capturing data 
comprises capturing network data packets of the intrusion event. 

3. (Original) The method, as set forth in claim 1, wherein decoding the captured 
data comprises decoding the captured data from a binary format to a human-readable text format. 

4. (Original) The method, as set forth in claim 1, wherein decoding the captured 
data comprises decoding the captured data to decoded data having a data link layer protocol 
header, a network layer protocol header, a network layer protocol data summary, and packet data 
in hexadecimal format. 

5. (Original) The method, as set forth in claim 1, wherein decoding the captured 
data comprises decoding the captured data to decoded data having an Ethernet header, an IP 
header, an IP data summary, and packet data in hexadecimal format. 

6. (Original) The method, as set forth in claim 1, wherein presenting the 
decoded data comprises displaying the decoded data on a computer screen. 

Page 2 



Application Serial No. 10/002,694 PA TENT 

7. (Original) The method, as set forth in claim 1, wherein presenting the 
decoded data comprises graphically displaying the decoded data according to a predetermined 
report organization and format. 

8. (Original) The method, as set forth in claim 1, wherein presenting the 
decoded data comprises generating a report having the decoded data. 

9. (Original) A method of presenting data of an intrusion detection system, 
comprising: 

capturing, from a network, data related to an intrusion event in response to a trigger; 
decoding the captured data from a first predetermined format to a second predetermined 
format, the decoded data comprising network header data, data summary, and detailed data; and 
presenting the decoded data according to a predetermined report format. 

10. (Original) The method, as set forth in claim 9, wherein capturing data 
comprises capturing network data packets of the intrusion event in response to detecting the 
presence of a predetermined signature in the network data packet. 

1 1 . (Original) The method, as set forth in claim 9, wherein decoding the captured 
data comprises decoding the captured data from a binary format to a human-readable text format. 

12. (Original) The method, as set forth in claim 9, wherein decoding the captured 
data comprises decoding the captured data to decoded data having a data link layer protocol 
header, a network layer protocol header, a network layer protocol data summary, and packet data 
in hexadecimal format. 

13. (Original) The method, as set forth in claim 9, wherein decoding the captured 
data comprises decoding the captured data to decoded data having an Ethernet header, an IP 
header, an IP data summary, and packet data in hexadecimal format. 
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14. (Original) The method, as set forth in claim 9, wherein presenting the 
decoded data comprises graphically displaying the decoded data according to a predetermined 
report format and organization. 

15. (Original) The method, as set forth in claim 1, wherein presenting the 
decoded data comprises generating a report having the decoded data. 

16. (Original) A system of presenting data of an intrusion detection system, 
comprising: 

a network driver capturing data related to an intrusion event from a network; 

a decode engine decoding the captured data from a predetermined format to a 
predetermined format decipherable by humans, the decoded data comprising intrusion event data, 
data summary, and detailed data; and 

a user interface presenting the decoded data to a user. 

17. (Original) The system, as set forth in claim 16, wherein the network driver 
captures network data packets of the intrusion event in response to the intrusion detection system 
detecting a predetermined intrusion signature. 

18. (Original) The system, as set forth in claim 16, wherein the decode engine 
decodes the captured data from a binary format to a human-readable text format. 

19. (Original) The system, as set forth in claim 16, wherein the decode engine 
decodes the captured data to decoded data having a data link layer protocol header, a network 
layer protocol header, a network layer protocol data summary, and packet data in hexadecimal 
format. 



Page 4 



Application Serial No. 10/002,694 



PATENT 



20. (Original) The system, as set forth in claim 16, wherein the decode engine 
decodes the captured data to decoded data having an Ethernet header, an TP header, an IP data 
summary, and packet data in hexadecimal format. 

21. (Original) The system, as set forth in claim 16, wherein the user interface 
displays the decoded data on a computer screen. 

22. (Original) The system, as set forth in claim 16, wherein the user interface 
graphically displaying the decoded data according to a predetermined report organization and 
format. 

23. (Original) The system, as set forth in claim 16, wherein the user interface 
generates a report having the decoded data. 
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